CVE-2026-23865 (GCVE-0-2026-23865)
Vulnerability from cvelistv5 – Published: 2026-03-02 16:09 – Updated: 2026-03-04 00:16
Summary
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Severity
CWE
- CWE-125 - Out of Bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T16:25:34.989518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T16:26:15.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-04T00:16:54.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/03/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "FreeType",
"vendor": "FreeType",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "2.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.14.1",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2026-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out of Bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T16:09:42.079Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2026-23865",
"datePublished": "2026-03-02T16:09:42.079Z",
"dateReserved": "2026-01-16T19:49:26.309Z",
"dateUpdated": "2026-03-04T00:16:54.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23865\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2026-03-02T17:16:32.100\",\"lastModified\":\"2026-03-04T01:15:55.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c\",\"source\":\"cve-assign@fb.com\"},{\"url\":\"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/\",\"source\":\"cve-assign@fb.com\"},{\"url\":\"https://www.facebook.com/security/advisories/cve-2026-23865\",\"source\":\"cve-assign@fb.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/03/03/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/03/03/8\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-03-04T00:16:54.590Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23865\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-02T16:25:34.989518Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-02T16:25:48.848Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"FreeType\", \"product\": \"FreeType\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.13.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.13.3\"}, {\"status\": \"affected\", \"version\": \"2.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.14.1\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://www.facebook.com/security/advisories/cve-2026-23865\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"dateAssigned\": 
\"2026-02-17T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-125: Out of Bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"4fc57720-52fe-4431-a0fb-3d2c8747b827\", \"shortName\": \"Meta\", \"dateUpdated\": \"2026-03-02T16:09:42.079Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-23865\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T00:16:54.590Z\", \"dateReserved\": \"2026-01-16T19:49:26.309Z\", \"assignerOrgId\": \"4fc57720-52fe-4431-a0fb-3d2c8747b827\", \"datePublished\": \"2026-03-02T16:09:42.079Z\", \"assignerShortName\": \"Meta\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20726-1
Vulnerability from csaf_suse - Published: 2026-03-16 09:25 - Updated: 2026-03-16 09:25
Summary
Security update for freetype2
Severity
Moderate
Notes
Title of the patch: Security update for freetype2
Description of the patch: This update for freetype2 fixes the following issue:
Update to freetype2 2.14.2:
- CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118).
Changelog:
* Several changes related to LCD filtering are implemented to
achieve better performance and encourage sound practices.
* Instead of blanket LCD filtering over the entire bitmap, it
is now applied only to non-zero spans using direct rendering.
This speeds up the ClearType-like rendering by more than 40%
at sizes above 32 ppem.
* Setting the filter weights with FT_Face_Properties is no
longer supported. The default and light filters are optimized
to work with any face.
* The legacy libXft LCD filter algorithm is no longer provided.
* A bunch of potential security problems have been found
(bsc#1259118, CVE-2026-23865). All users should update.
* The italic angle in `PS_FontInfo` is now stored as a fixed-point
value in degrees for all Type 1 fonts and their derivatives,
consistent with CFF fonts and common practices. The broken
underline position and thickness values are fixed for CFF fonts.
* The `x` field in the `FT_Span` structure is now unsigned.
* Demo program `ftgrid` got an option `-m` to select a start
character to display.
* Similarly, demo program `ftmulti` got an option `-m` to select a
text string for rendering.
* Option `-d` in the demo program `ttdebug` is now called `-a`,
expecting a comma-separated list of axis values. The user
interface is also slightly improved.
* The `ftinspect` demo program can now be compiled with Qt6, too.
* The auto-hinter got new abilities. It can now better separate
diacritic glyphs from base glyphs at small sizes by
artificially moving diacritics up (or down) if necessary.
* Tilde accent glyphs get vertically stretched at small sizes so
that they don't degenerate to horizontal lines.
* Diacritics directly attached to a base glyph (like the ogonek in
character 'ę') no longer distort the shape of the base glyph.
* The TrueType instruction interpreter was optimized to
produce a 15% gain in the glyph loading speed.
* Handling of Variation Fonts is now considerably faster.
* TrueType and CFF glyph loading speed has been improved by 5-10%
on modern 64-bit platforms as a result of better handling of
fixed-point multiplication.
* The BDF driver now loads fonts 75% faster.
Patchnames: SUSE-SLE-Micro-6.0-619,SUSE-SLE-Micro-6.1-442
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for freetype2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for freetype2 fixes the following issue:\n\nUpdate to freetype2 2.14.2:\n\n- CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118).\n\nChangelog:\n \n * Several changes related to LCD filtering are implemented to\n achieve better performance and encourage sound practices.\n * Instead of blanket LCD filtering over the entire bitmap, it\n is now applied only to non-zero spans using direct rendering.\n This speeds up the ClearType-like rendering by more than 40%\n at sizes above 32 ppem.\n * Setting the filter weights with FT_Face_Properties is no\n longer supported. The default and light filters are optimized\n to work with any face.\n * The legacy libXft LCD filter algorithm is no longer provided.\n * A bunch of potential security problems have been found\n (bsc#1259118, CVE-2026-23865). All users should update.\n * The italic angle in `PS_FontInfo` is now stored as a fixed-point\n value in degrees for all Type 1 fonts and their derivatives,\n consistent with CFF fonts and common practices. The broken\n underline position and thickness values are fixed for CFF fonts.\n * The `x` field in the `FT_Span` structure is now unsigned.\n * Demo program `ftgrid` got an option `-m` to select a start\n character to display.\n * Similarly, demo program `ftmulti` got an option `-m` to select a\n text string for rendering.\n * Option `-d` in the demo program `ttdebug` is now called `-a`,\n expecting a comma-separated list of axis values. The user\n interface is also slightly improved.\n * The `ftinspect` demo program can now be compiled with Qt6, too.\n * The auto-hinter got new abilities. 
It can now better separate\n diacritic glyphs from base glyphs at small sizes by\n artificially moving diacritics up (or down) if necessary\n * Tilde accent glyphs get vertically stretched at small sizes so\n that they don\u0027t degenerate to horizontal lines.\n * Diacritics directly attached to a base glyph (like the ogonek in\n character \u0027\u0119\u0027) no longer distort the shape of the base glyph\n * The TrueType instruction interpreter was optimized to\n produce a 15% gain in the glyph loading speed.\n * Handling of Variation Fonts is now considerably faster\n * TrueType and CFF glyph loading speed has been improved by 5-10%\n on modern 64-bit platforms as a result of better handling of\n fixed-point multiplication.\n * The BDF driver now loads fonts 75% faster.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-619,SUSE-SLE-Micro-6.1-442",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20726-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20726-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620726-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20726-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024802.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252148",
"url": "https://bugzilla.suse.com/1252148"
},
{
"category": "self",
"summary": "SUSE Bug 1259118",
"url": "https://bugzilla.suse.com/1259118"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23865 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23865/"
}
],
"title": "Security update for freetype2",
"tracking": {
"current_release_date": "2026-03-16T09:25:21Z",
"generator": {
"date": "2026-03-16T09:25:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20726-1",
"initial_release_date": "2026-03-16T09:25:21Z",
"revision_history": [
{
"date": "2026-03-16T09:25:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.36.1-3.1.aarch64",
"product": {
"name": "busybox-1.36.1-3.1.aarch64",
"product_id": "busybox-1.36.1-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"product": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"product_id": "libfreetype6-2.14.2-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"product": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"product_id": "libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.36.1-3.1.s390x",
"product": {
"name": "busybox-1.36.1-3.1.s390x",
"product_id": "busybox-1.36.1-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"product": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"product_id": "libfreetype6-2.14.2-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.36.1-3.1.x86_64",
"product": {
"name": "busybox-1.36.1-3.1.x86_64",
"product_id": "busybox-1.36.1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.x86_64",
"product": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.x86_64",
"product_id": "libfreetype6-2.14.2-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.36.1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:busybox-1.36.1-3.1.aarch64"
},
"product_reference": "busybox-1.36.1-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.36.1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:busybox-1.36.1-3.1.s390x"
},
"product_reference": "busybox-1.36.1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.36.1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:busybox-1.36.1-3.1.x86_64"
},
"product_reference": "busybox-1.36.1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.aarch64"
},
"product_reference": "libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le"
},
"product_reference": "libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.s390x"
},
"product_reference": "libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.x86_64"
},
"product_reference": "libfreetype6-2.14.2-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23865"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.aarch64",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.s390x",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.x86_64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23865",
"url": "https://www.suse.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "SUSE Bug 1259118 for CVE-2026-23865",
"url": "https://bugzilla.suse.com/1259118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.aarch64",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.s390x",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.x86_64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.aarch64",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.s390x",
"SUSE Linux Micro 6.0:busybox-1.36.1-3.1.x86_64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libfreetype6-2.14.2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T09:25:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-23865"
}
]
}
SUSE-SU-2026:20730-1
Vulnerability from csaf_suse - Published: 2026-03-16 13:23 - Updated: 2026-03-16 13:23
Summary
Security update for freetype2
Severity
Moderate
Notes
Title of the patch: Security update for freetype2
Description of the patch: This update for freetype2 fixes the following issue:
Update to freetype2 2.14.2:
- CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118).
Changelog:
* Several changes related to LCD filtering are implemented to
achieve better performance and encourage sound practices.
* Instead of blanket LCD filtering over the entire bitmap, it
is now applied only to non-zero spans using direct rendering.
This speeds up the ClearType-like rendering by more than 40%
at sizes above 32 ppem.
* Setting the filter weights with FT_Face_Properties is no
longer supported. The default and light filters are optimized
to work with any face.
* The legacy libXft LCD filter algorithm is no longer provided.
* The italic angle in `PS_FontInfo` is now stored as a fixed-point
value in degrees for all Type 1 fonts and their derivatives,
consistent with CFF fonts and common practices. The broken
underline position and thickness values are fixed for CFF fonts.
* The `x` field in the `FT_Span` structure is now unsigned.
* Demo program `ftgrid` got an option `-m` to select a start
character to display.
* Similarly, demo program `ftmulti` got an option `-m` to select a
text string for rendering.
* Option `-d` in the demo program `ttdebug` is now called `-a`,
expecting a comma-separated list of axis values. The user
interface is also slightly improved.
* The `ftinspect` demo program can now be compiled with Qt6, too.
* The auto-hinter got new abilities. It can now better separate
diacritic glyphs from base glyphs at small sizes by
artificially moving diacritics up (or down) if necessary.
* Tilde accent glyphs get vertically stretched at small sizes so
that they don't degenerate to horizontal lines.
* Diacritics directly attached to a base glyph (like the ogonek in
character 'ę') no longer distort the shape of the base glyph.
* The TrueType instruction interpreter was optimized to
produce a 15% gain in the glyph loading speed.
* Handling of Variation Fonts is now considerably faster.
* TrueType and CFF glyph loading speed has been improved by 5-10%
on modern 64-bit platforms as a result of better handling of
fixed-point multiplication.
* The BDF driver now loads fonts 75% faster.
Patchnames: SUSE-SLE-Micro-6.0-623
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for freetype2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for freetype2 fixes the following issue:\n\nUpdate to freetype2 2.14.2:\n\n- CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118).\n\nChangelog:\n\n * Several changes related to LCD filtering are implemented to\n achieve better performance and encourage sound practices.\n * Instead of blanket LCD filtering over the entire bitmap, it\n is now applied only to non-zero spans using direct rendering.\n This speeds up the ClearType-like rendering by more than 40%\n at sizes above 32 ppem.\n * Setting the filter weights with FT_Face_Properties is no\n longer supported. The default and light filters are optimized\n to work with any face.\n * The legacy libXft LCD filter algorithm is no longer provided.\n * The italic angle in `PS_FontInfo` is now stored as a fixed-point\n value in degrees for all Type 1 fonts and their derivatives,\n consistent with CFF fonts and common practices. The broken\n underline position and thickness values are fixed for CFF fonts.\n * The `x` field in the `FT_Span` structure is now unsigned.\n * Demo program `ftgrid` got an option `-m` to select a start\n character to display.\n * Similarly, demo program `ftmulti` got an option `-m` to select a\n text string for rendering.\n * Option `-d` in the demo program `ttdebug` is now called `-a`,\n expecting a comma-separated list of axis values. The user\n interface is also slightly improved.\n * The `ftinspect` demo program can now be compiled with Qt6, too.\n * The auto-hinter got new abilities. 
It can now better separate\n diacritic glyphs from base glyphs at small sizes by\n artificially moving diacritics up (or down) if necessary\n * Tilde accent glyphs get vertically stretched at small sizes so\n that they don\u0027t degenerate to horizontal lines.\n * Diacritics directly attached to a base glyph (like the ogonek in\n character \u0027\u0119\u0027) no longer distort the shape of the base glyph\n * The TrueType instruction interpreter was optimized to\n produce a 15% gain in the glyph loading speed.\n * Handling of Variation Fonts is now considerably faster\n * TrueType and CFF glyph loading speed has been improved by 5-10%\n on modern 64-bit platforms as a result of better handling of\n fixed-point multiplication.\n * The BDF driver now loads fonts 75% faster.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-623",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20730-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20730-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620730-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20730-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024800.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252148",
"url": "https://bugzilla.suse.com/1252148"
},
{
"category": "self",
"summary": "SUSE Bug 1259118",
"url": "https://bugzilla.suse.com/1259118"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23865 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23865/"
}
],
"title": "Security update for freetype2",
"tracking": {
"current_release_date": "2026-03-16T13:23:56Z",
"generator": {
"date": "2026-03-16T13:23:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20730-1",
"initial_release_date": "2026-03-16T13:23:56Z",
"revision_history": [
{
"date": "2026-03-16T13:23:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.aarch64",
"product": {
"name": "libfreetype6-2.14.2-1.1.aarch64",
"product_id": "libfreetype6-2.14.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.s390x",
"product": {
"name": "libfreetype6-2.14.2-1.1.s390x",
"product_id": "libfreetype6-2.14.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.x86_64",
"product": {
"name": "libfreetype6-2.14.2-1.1.x86_64",
"product_id": "libfreetype6-2.14.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.aarch64"
},
"product_reference": "libfreetype6-2.14.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.s390x"
},
"product_reference": "libfreetype6-2.14.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.x86_64"
},
"product_reference": "libfreetype6-2.14.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23865"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23865",
"url": "https://www.suse.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "SUSE Bug 1259118 for CVE-2026-23865",
"url": "https://bugzilla.suse.com/1259118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreetype6-2.14.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T13:23:56Z",
"details": "moderate"
}
],
"title": "CVE-2026-23865"
}
]
}
WID-SEC-W-2026-0565
Vulnerability from csaf_certbund - Published: 2026-03-02 23:00 - Updated: 2026-03-08 23:00
Summary
FreeType: Schwachstelle ermöglicht nicht spezifizierten Angriff
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeType ist eine Open Source Programmbibliothek zur Darstellung von Vektorschriften.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FreeType ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeType ist eine Open Source Programmbibliothek zur Darstellung von Vektorschriften.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FreeType ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0565 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0565.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0565 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0565"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-02",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-9195"
},
{
"category": "external",
"summary": "CVE Record vom 2026-03-02",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"category": "external",
"summary": "Commit auf Gitlab vom 2026-03-02",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2026-03-05",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10289-1 vom 2026-03-06",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3CVKFLXMM3FLZ4CKUH5LQ7FC5YR4YLXM/"
}
],
"source_lang": "en-US",
"title": "FreeType: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2026-03-08T23:00:00.000+00:00",
"generator": {
"date": "2026-03-09T08:11:54.285+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0565",
"initial_release_date": "2026-03-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.14.2",
"product": {
"name": "Open Source FreeType \u003c2.14.2",
"product_id": "T051333"
}
},
{
"category": "product_version",
"name": "2.14.2",
"product": {
"name": "Open Source FreeType 2.14.2",
"product_id": "T051333-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:freetype:freetype:2.14.2"
}
}
}
],
"category": "product_name",
"name": "FreeType"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23865",
"product_status": {
"known_affected": [
"T027843",
"T049210",
"T051333"
]
},
"release_date": "2026-03-02T23:00:00.000+00:00",
"title": "CVE-2026-23865"
}
]
}
GHSA-878V-MXG6-VJ8F
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-04 03:31
Details
An integer overflow in the tt_var_load_item_variation_store function of the FreeType library in versions 2.13.2 and 2.13.3 may allow an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-23865"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:32Z",
"severity": "MODERATE"
},
"details": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
"id": "GHSA-878v-mxg6-vj8f",
"modified": "2026-03-04T03:31:33Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865"
},
{
"type": "WEB",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/03/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
CERTFR-2026-AVI-0274
Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Microsoft | N/A | azl3 freetype 2.13.2-1 versions antérieures à 2.13.2-2 |
| Microsoft | N/A | Microsoft Semantic Kernel Python SDK versions antérieures à 1.39.4 |
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (CU2) versions antérieures à 17.0.4020.2 |
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6480.4 |
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2100.4 |
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3520.4 |
| Microsoft | N/A | Microsoft Authenticator pour Android versions antérieures à 6.2511.7533 |
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5543.1000 |
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20102 |
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 23) versions antérieures à 16.0.4240.4 |
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20076 |
| Microsoft | N/A | System Center Operations Manager 2022 versions antérieures à 10.22.11951.0 |
| Microsoft | N/A | cbl2 freetype 2.13.1-1 versions antérieures à 2.13.1-2 |
| Microsoft | N/A | Microsoft Authenticator pour iOS versions antérieures à 6.8.40 |
| Microsoft | N/A | Microsoft.Bcl.Memory 9.0 versions antérieures à 9.0.14 |
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7075.5 |
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4460.4 |
| Microsoft | N/A | Microsoft.Bcl.Memory 10.0 versions antérieures à 10.0.4 |
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5 |
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5 |
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1105.2 |
| Microsoft | N/A | System Center Operations Manager 2025 versions antérieures à 10.25.10377.0 |
| Microsoft | N/A | GitHub Repo: Zero Shot scFoundation versions antérieures à 0.1.1 |
| Microsoft | N/A | System Center Operations Manager 2019 versions antérieures à 10.19.10658.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 freetype 2.13.2-1 versions ant\u00e9rieures \u00e0 2.13.2-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Semantic Kernel Python SDK versions ant\u00e9rieures \u00e0 1.39.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (CU2) versions ant\u00e9rieures \u00e0 17.0.4020.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6480.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2100.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3520.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Authenticator pour Android versions ant\u00e9rieures \u00e0 6.2511.7533",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5543.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20102",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 23) versions ant\u00e9rieures \u00e0 16.0.4240.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19725.20076",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2022 versions ant\u00e9rieures \u00e0 10.22.11951.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 freetype 2.13.1-1 versions ant\u00e9rieures \u00e0 2.13.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Authenticator pour IOS versions ant\u00e9rieures \u00e0 6.8.40",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft.Bcl.Memory 9.0 versions ant\u00e9rieures \u00e0 9.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7075.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4460.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft.Bcl.Memory 10.0 versions ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1170.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1170.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 17.0.1105.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2025 versions ant\u00e9rieures \u00e0 10.25.10377.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "GitHub Repo: Zero Shot scFoundation versions ant\u00e9rieures \u00e0 0.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2019 versions ant\u00e9rieures \u00e0 10.19.10658.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26123",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26123"
},
{
"name": "CVE-2026-26106",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26106"
},
{
"name": "CVE-2026-26114",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26114"
},
{
"name": "CVE-2026-26127",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26127"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-26030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26030"
},
{
"name": "CVE-2026-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"
},
{
"name": "CVE-2026-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26115"
},
{
"name": "CVE-2026-23654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23654"
},
{
"name": "CVE-2026-20967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20967"
},
{
"name": "CVE-2026-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26116"
},
{
"name": "CVE-2026-26105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26105"
},
{
"name": "CVE-2026-26113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26113"
}
],
"initial_release_date": "2026-03-11T00:00:00",
"last_revision_date": "2026-03-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0274",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26114",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23865",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23865"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26127",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-20967",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26113",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23654",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23654"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21262",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21262"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26123",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26123"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26115",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26116",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26116"
}
]
}
OPENSUSE-SU-2026:10289-1
Vulnerability from csaf_opensuse - Published: 2026-03-05 00:00 - Updated: 2026-03-05 00:00
Summary
freetype2-devel-2.14.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: freetype2-devel-2.14.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the freetype2-devel-2.14.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10289
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "freetype2-devel-2.14.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the freetype2-devel-2.14.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10289",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10289-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23865 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23865/"
}
],
"title": "freetype2-devel-2.14.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-05T00:00:00Z",
"generator": {
"date": "2026-03-05T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10289-1",
"initial_release_date": "2026-03-05T00:00:00Z",
"revision_history": [
{
"date": "2026-03-05T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.14.2-1.1.aarch64",
"product": {
"name": "freetype2-devel-2.14.2-1.1.aarch64",
"product_id": "freetype2-devel-2.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freetype2-devel-32bit-2.14.2-1.1.aarch64",
"product": {
"name": "freetype2-devel-32bit-2.14.2-1.1.aarch64",
"product_id": "freetype2-devel-32bit-2.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freetype2-profile-tti35-2.14.2-1.1.aarch64",
"product": {
"name": "freetype2-profile-tti35-2.14.2-1.1.aarch64",
"product_id": "freetype2-profile-tti35-2.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftdump-2.14.2-1.1.aarch64",
"product": {
"name": "ftdump-2.14.2-1.1.aarch64",
"product_id": "ftdump-2.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.aarch64",
"product": {
"name": "libfreetype6-2.14.2-1.1.aarch64",
"product_id": "libfreetype6-2.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreetype6-32bit-2.14.2-1.1.aarch64",
"product": {
"name": "libfreetype6-32bit-2.14.2-1.1.aarch64",
"product_id": "libfreetype6-32bit-2.14.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.14.2-1.1.ppc64le",
"product": {
"name": "freetype2-devel-2.14.2-1.1.ppc64le",
"product_id": "freetype2-devel-2.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"product": {
"name": "freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"product_id": "freetype2-devel-32bit-2.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"product": {
"name": "freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"product_id": "freetype2-profile-tti35-2.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftdump-2.14.2-1.1.ppc64le",
"product": {
"name": "ftdump-2.14.2-1.1.ppc64le",
"product_id": "ftdump-2.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.ppc64le",
"product": {
"name": "libfreetype6-2.14.2-1.1.ppc64le",
"product_id": "libfreetype6-2.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreetype6-32bit-2.14.2-1.1.ppc64le",
"product": {
"name": "libfreetype6-32bit-2.14.2-1.1.ppc64le",
"product_id": "libfreetype6-32bit-2.14.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.14.2-1.1.s390x",
"product": {
"name": "freetype2-devel-2.14.2-1.1.s390x",
"product_id": "freetype2-devel-2.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freetype2-devel-32bit-2.14.2-1.1.s390x",
"product": {
"name": "freetype2-devel-32bit-2.14.2-1.1.s390x",
"product_id": "freetype2-devel-32bit-2.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freetype2-profile-tti35-2.14.2-1.1.s390x",
"product": {
"name": "freetype2-profile-tti35-2.14.2-1.1.s390x",
"product_id": "freetype2-profile-tti35-2.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ftdump-2.14.2-1.1.s390x",
"product": {
"name": "ftdump-2.14.2-1.1.s390x",
"product_id": "ftdump-2.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.s390x",
"product": {
"name": "libfreetype6-2.14.2-1.1.s390x",
"product_id": "libfreetype6-2.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreetype6-32bit-2.14.2-1.1.s390x",
"product": {
"name": "libfreetype6-32bit-2.14.2-1.1.s390x",
"product_id": "libfreetype6-32bit-2.14.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.14.2-1.1.x86_64",
"product": {
"name": "freetype2-devel-2.14.2-1.1.x86_64",
"product_id": "freetype2-devel-2.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freetype2-devel-32bit-2.14.2-1.1.x86_64",
"product": {
"name": "freetype2-devel-32bit-2.14.2-1.1.x86_64",
"product_id": "freetype2-devel-32bit-2.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freetype2-profile-tti35-2.14.2-1.1.x86_64",
"product": {
"name": "freetype2-profile-tti35-2.14.2-1.1.x86_64",
"product_id": "freetype2-profile-tti35-2.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftdump-2.14.2-1.1.x86_64",
"product": {
"name": "ftdump-2.14.2-1.1.x86_64",
"product_id": "ftdump-2.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.14.2-1.1.x86_64",
"product": {
"name": "libfreetype6-2.14.2-1.1.x86_64",
"product_id": "libfreetype6-2.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreetype6-32bit-2.14.2-1.1.x86_64",
"product": {
"name": "libfreetype6-32bit-2.14.2-1.1.x86_64",
"product_id": "libfreetype6-32bit-2.14.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.aarch64"
},
"product_reference": "freetype2-devel-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.ppc64le"
},
"product_reference": "freetype2-devel-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.s390x"
},
"product_reference": "freetype2-devel-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.x86_64"
},
"product_reference": "freetype2-devel-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-32bit-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.aarch64"
},
"product_reference": "freetype2-devel-32bit-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-32bit-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.ppc64le"
},
"product_reference": "freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-32bit-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.s390x"
},
"product_reference": "freetype2-devel-32bit-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-32bit-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.x86_64"
},
"product_reference": "freetype2-devel-32bit-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-profile-tti35-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.aarch64"
},
"product_reference": "freetype2-profile-tti35-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-profile-tti35-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.ppc64le"
},
"product_reference": "freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-profile-tti35-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.s390x"
},
"product_reference": "freetype2-profile-tti35-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-profile-tti35-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.x86_64"
},
"product_reference": "freetype2-profile-tti35-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ftdump-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ftdump-2.14.2-1.1.aarch64"
},
"product_reference": "ftdump-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ftdump-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ftdump-2.14.2-1.1.ppc64le"
},
"product_reference": "ftdump-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ftdump-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ftdump-2.14.2-1.1.s390x"
},
"product_reference": "ftdump-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ftdump-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ftdump-2.14.2-1.1.x86_64"
},
"product_reference": "ftdump-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.aarch64"
},
"product_reference": "libfreetype6-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.ppc64le"
},
"product_reference": "libfreetype6-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.s390x"
},
"product_reference": "libfreetype6-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.x86_64"
},
"product_reference": "libfreetype6-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-32bit-2.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.aarch64"
},
"product_reference": "libfreetype6-32bit-2.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-32bit-2.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.ppc64le"
},
"product_reference": "libfreetype6-32bit-2.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-32bit-2.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.s390x"
},
"product_reference": "libfreetype6-32bit-2.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-32bit-2.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.x86_64"
},
"product_reference": "libfreetype6-32bit-2.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23865"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23865",
"url": "https://www.suse.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "SUSE Bug 1259118 for CVE-2026-23865",
"url": "https://bugzilla.suse.com/1259118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-devel-32bit-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:freetype2-profile-tti35-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:ftdump-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-2.14.2-1.1.x86_64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.aarch64",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.s390x",
"openSUSE Tumbleweed:libfreetype6-32bit-2.14.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23865"
}
]
}
FKIE_CVE-2026-23865
Vulnerability from fkie_nvd - Published: 2026-03-02 17:16 - Updated: 2026-03-04 01:15
Severity
Summary
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
References
| Source | URL | Tags |
|---|---|---|
| cve-assign@fb.com | https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c | |
| cve-assign@fb.com | https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/ | |
| cve-assign@fb.com | https://www.facebook.com/security/advisories/cve-2026-23865 | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/03/03/8 | |
Impacted products
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en la funci\u00f3n tt_var_load_item_variation_store de la librer\u00eda Freetype en las versiones 2.13.2 y 2.13.3 puede permitir una operaci\u00f3n de lectura fuera de l\u00edmites al analizar tablas HVAR/VVAR/MVAR en fuentes variables OpenType. Este problema est\u00e1 solucionado en la versi\u00f3n 2.14.2."
}
],
"id": "CVE-2026-23865",
"lastModified": "2026-03-04T01:15:55.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cve-assign@fb.com",
"type": "Secondary"
}
]
},
"published": "2026-03-02T17:16:32.100",
"references": [
{
"source": "cve-assign@fb.com",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"source": "cve-assign@fb.com",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
},
{
"source": "cve-assign@fb.com",
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/03/03/8"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
MSRC_CVE-2026-23865
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-31 14:39
Summary
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-125
- Out-of-bounds Read
Vendor Fix
2.13.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
Vendor Fix
2.13.1-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
References
| URL | Category |
|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-23865.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
"tracking": {
"current_release_date": "2026-03-31T14:39:37.000Z",
"generator": {
"date": "2026-04-01T07:38:22.479Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-23865",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-04T01:09:54.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-03-05T01:08:37.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-03-06T01:38:26.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-03-11T01:40:19.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-03-31T14:39:37.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 freetype 2.13.2-1",
"product": {
"name": "\u003cazl3 freetype 2.13.2-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 freetype 2.13.2-1",
"product": {
"name": "azl3 freetype 2.13.2-1",
"product_id": "20954"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 freetype 2.13.1-2",
"product": {
"name": "\u003ccbl2 freetype 2.13.1-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 freetype 2.13.1-2",
"product": {
"name": "cbl2 freetype 2.13.1-2",
"product_id": "21099"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 freetype 2.13.1-1",
"product": {
"name": "\u003ccbl2 freetype 2.13.1-1",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "cbl2 freetype 2.13.1-1",
"product": {
"name": "cbl2 freetype 2.13.1-1",
"product_id": "19394"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 freetype 2.13.2-2",
"product": {
"name": "\u003cazl3 freetype 2.13.2-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 freetype 2.13.2-2",
"product": {
"name": "azl3 freetype 2.13.2-2",
"product_id": "21098"
}
}
],
"category": "product_name",
"name": "freetype"
},
{
"category": "product_name",
"name": "azl3 qtbase 6.6.3-4",
"product": {
"name": "azl3 qtbase 6.6.3-4",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "cbl2 qt5-qtbase 5.12.11-19",
"product": {
"name": "cbl2 qt5-qtbase 5.12.11-19",
"product_id": "4"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 freetype 2.13.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 freetype 2.13.2-1 as a component of Azure Linux 3.0",
"product_id": "20954-17084"
},
"product_reference": "20954",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qtbase 6.6.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 freetype 2.13.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 freetype 2.13.1-2 as a component of CBL Mariner 2.0",
"product_id": "21099-17086"
},
"product_reference": "21099",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 freetype 2.13.1-1 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 freetype 2.13.1-1 as a component of CBL Mariner 2.0",
"product_id": "19394-17086"
},
"product_reference": "19394",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 qt5-qtbase 5.12.11-19 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 freetype 2.13.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 freetype 2.13.2-2 as a component of Azure Linux 3.0",
"product_id": "21098-17084"
},
"product_reference": "21098",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23865",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-5",
"17086-4"
]
}
],
"notes": [
{
"category": "general",
"text": "Meta",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20954-17084",
"21099-17086",
"19394-17086",
"21098-17084"
],
"known_affected": [
"17084-3",
"17086-1",
"17086-6",
"17084-2"
],
"known_not_affected": [
"17084-5",
"17086-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-23865.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T01:09:54.000Z",
"details": "2.13.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-03-04T01:09:54.000Z",
"details": "2.13.1-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1",
"17086-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"17084-3",
"17086-1",
"17086-6",
"17084-2"
]
}
],
"title": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2."
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.